On Tue, Sep 15, 2020 at 04:05:09PM +0200, Kamil Paral wrote: > I'd like to clarify some of our criteria which only refer to HTTP and don't > mention HTTPS. In particular: > > "When using a release-blocking dedicated installer image, the installer > must be able to use either HTTP or FTP repositories (or both) as package > sources. Release-blocking network install images must default to a valid > publicly-accessible package source." > https://fedoraproject.org/wiki/Basic_Release_Criteria#Remote_package_sources > > "The installer must be able to download and use an installer update image > from an HTTP server." > https://fedoraproject.org/wiki/Basic_Release_Criteria#Update_image > > "When using the dedicated installer images, the installer must be able to > use HTTP, FTP and NFS repositories as package sources." > https://fedoraproject.org/wiki/Fedora_33_Beta_Release_Criteria#Remote_package_sources > > I propose to change "HTTP" to "HTTP(S)" in all these cases (including > footnotes, where applicable).
So, from an infrastructure perspective... we do have http mirrors still. If you are using a metalink there's not any security problem using http, although there is a privacy one (anyone sniffing the traffic can see what you are downloading). We no longer have/support ftp mirrors in mirrormanager, we dropped them a while back. I don't know if this case uses a metalink? Does it? If we want to keep supporting FTP, we may have to test it locally as mirrormanager doesn't support it anymore. kevin
signature.asc
Description: PGP signature
_______________________________________________ test mailing list -- test@lists.fedoraproject.org To unsubscribe send an email to test-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/test@lists.fedoraproject.org
